DEFTCON 2012
We will participate in DEFTCON 2012 in Turin (Italy) on March 30.
The conference will be in Italian. More information and the event program can be found here.
To register, write to deftcon@deftlinux.net.
Xplico 0.7.1: DEFT Linux 7
We are pleased to announce DEFT Linux 7 and the new release of Xplico.
- RTP bug fixed
- dispatcher core functionality bug fixed
- mfile manipulator bug fixed
- XI bugs fixed
- added DB migration tool
We are working toward version 1.0.0, and you can try it here.
If you are a fan of Xplico, please vote for it as 2011 Toolsmith Tool of the Year.
Enjoy!
Xplico 0.6.1: MSN and Paltalk
This version brings new dissectors, new features and, obviously, many bug fixes:
- Paltalk chat dissector
- MSN dissector (beta basic version)
- XI Cookie hijacking
- XI pagination for Images and Web
- XI XSS fixed
- XI bugfix
We thank:
- Tim Hentenaa for his Paltalk reverse engineering
- Steve-William KISSI for finding various XSS issues
- Daniele Franchetto for MSN dissector
- Michele Dallachiesa for cookietools
You can find Xplico 0.6.1 in DEFT Linux 6, and you can download the VirtualBox.org image, source code and Ubuntu 10.10 package here.
Enjoy 😉
Xplico 0.5.7: VoIP tapping and phone numbers
This release introduces improvements in the SIP and RTP dissectors.
This version also adds the RTCP dissector, with which Xplico is able to obtain the phone numbers of the caller and called party (obviously only if present in the RTCP packets).
The DEFT 5.1 Live distribution contains this version.
You can download the source code and the Ubuntu 10.04 package here.
Enjoy ;).
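The "only if present" condition from the 0.5.7 notes above, as an added example that is not Xplico's code: a minimal parser for RTCP SDES packets (RFC 3550), whose optional PHONE item is the field assumed here to carry the number. It assumes the RTCP payloads have already been extracted from UDP; the function names and sample bytes are constructed for illustration.

```python
import struct

RTCP_SDES = 202                                   # RFC 3550 section 6.5
SDES_ITEMS = {1: "CNAME", 2: "NAME", 3: "EMAIL", 4: "PHONE"}

def sdes_items(payload):
    """Yield (ssrc, item_name, text) for each SDES item in a compound RTCP payload."""
    off = 0
    while off + 4 <= len(payload):
        first, ptype, words = struct.unpack_from("!BBH", payload, off)
        end = off + 4 * (words + 1)               # length field = 32-bit words minus one
        if first >> 6 != 2 or end > len(payload): # wrong version or truncated capture
            return
        if ptype == RTCP_SDES:
            yield from _chunks(payload[off + 4:end], first & 0x1F)
        off = end

def _chunks(body, count):
    pos = 0
    for _ in range(count):
        if pos + 4 > len(body):
            return
        (ssrc,) = struct.unpack_from("!I", body, pos)
        pos += 4
        while pos + 2 <= len(body) and body[pos] != 0:   # item type 0 ends the list
            itype, ilen = body[pos], body[pos + 1]
            if pos + 2 + ilen > len(body):               # item overruns the packet
                return
            text = body[pos + 2:pos + 2 + ilen].decode("utf-8", "replace")
            yield ssrc, SDES_ITEMS.get(itype, str(itype)), text
            pos += 2 + ilen
        pos = (pos // 4 + 1) * 4                  # skip terminator and padding

def phone_numbers(payloads):
    """Map SSRC -> phone number for every party that sent an SDES PHONE item."""
    return {ssrc: text for p in payloads
            for ssrc, name, text in sdes_items(p) if name == "PHONE"}

# Constructed sample: one compound RTCP payload per direction of a call.
CALLER = (bytes.fromhex("80c9000111223344"        # empty Receiver Report
                        "81ca000a11223344")       # SDES header (1 chunk) + SSRC
          + b"\x01\x10alice@192.0.2.10"           # CNAME item
          + b"\x04\x0c+15555550100" + bytes(4))   # PHONE item, terminator/padding
CALLEE = (bytes.fromhex("81ca000655667788")       # SDES only, no PHONE item
          + b"\x01\x0ebob@192.0.2.20" + bytes(4))

if __name__ == "__main__":
    print(phone_numbers([CALLER, CALLEE]))
```

Only the caller's number is recovered here, because the second endpoint sends a CNAME but no PHONE item.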
Xplico version 0.5.3 and DEFT Vx5
You can find this release in the DEFT Vx5 Linux distribution.
You can download source code, Ubuntu 9.10 package and VirtualBox.org image here.
This version of Xplico introduces many new features:
- snoop Packet Capture File Format as input file
- DNS dissector with graphical representation in Xplico Interface (XI)
- NNTP dissector
- PPPOE dissector
- direct live acquisition from XI
- new dispatcher named CLI: this dispatcher organizes the extracted data in a tree like this:
xdecode/<ip_src_1>/http
xdecode/<ip_src_1>/mail/
xdecode/<ip_src_1>/nntp
xdecode/<ip_src_1>/ftp
xdecode/<ip_src_1>/...
xdecode/<ip_src_2>/http
xdecode/<ip_src_2>/mail/
xdecode/<ip_src_2>/nntp
xdecode/<ip_src_2>/ftp
xdecode/<ip_src_2>/...
- default CLI dispatcher in command line execution
- file extension for the HTTP contents
We have to thank:
- Carlos Gacimartín, for his help
- Doriano Azzena, for his support in debugging
- Matteo G.P. Flora for the inspiration for the DNS XI graphics
- Open Flash Chart team for their wonderful tool
- all forum users for their debugging
Enjoy ;).
DEFT 4 console-mode
With DEFT4, without running X (deft-gui), you can capture and decode Ethernet traffic in this way:
Read more…
DEFT 4
DEFT4 has arrived! In this release, there are many new features.
The new features of Xplico in DEFT4 are:
- console-mode Xplico execution
- acquisition and processing in realtime (in console-mode)
- access to every HTTP message. You can examine:
  - request header and body
  - response header and body
  - therefore the request body of a POST can be viewed
- Internet Printing Protocol (IPP) and Printer Job Language (PJL) dissectors. With these dissectors you can view, in PDF format, the pages printed with printers that use PCL5E, PCL5C, and PCL6 formats (for example HP LaserJet 2300dn, HP LaserJet 4). Other formats (e.g. Zenographics ZJ-stream) are in development
- viewing any video carried over HTTP with content-type “video/flv” extracted from a pcap file (e.g. YouTube video)
- browsing all images transported in HTTP
- improved display of Web pages extracted from a pcap file
Remember to run xplico–start from the Terminal and then launch Firefox with URL: http://localhost